Connect with us

Hi, what are you looking for?


Management & Strategy

How a Football Game Highlighted the Importance of Predictive Security

“Offense sells tickets; Defense wins championships”~ Coach Paul “Bear” Bryant Jr.

“Offense sells tickets; Defense wins championships”~ Coach Paul “Bear” Bryant Jr.

Not unlike most people this time of year, I try to make a point of taking in at least one football game on the weekend. And if you live in Boston like I do, that means watching the New England Patriots. If you will indulge my regional bias for one moment, I’d like to take the opportunity to explain how their last- minute victory over the New Orleans Saints this past weekend did more than add another game to the win column, but how it served as a blueprint for the way organizations should approach security.

Now they say football is often used as a metaphor for war based on the military terminology and strategy. You regularly hear players refer to their time on the turf as “doing battle” or “going to war” and if you’ve ever caught George Carlin’s famous riff on football, it’s easy to see why: “In football the object is for the quarterback, also known as the field general, to be on target with his aerial assault, riddling the defense by hitting his receivers with deadly accuracy in spite of the blitz, even if he has to use shotgun. With short bullet passes and long bombs, he marches his troops into enemy territory, balancing this aerial assault with a sustained ground attack that punches holes in the forward wall of the enemy’s defensive line.”

Football StrategyI also see it as a model for network security and, more specifically, predictive security. While most people have been caught up in the last minute and ten seconds of that game when Brady marched the team down to score the go-ahead touchdown with only five seconds left, the reality is, this game was in part decided earlier in the week. That’s when the coaching staff decided to isolate and eliminate New Orleans’ biggest threat, tight end Jimmy Graham. By applying the principles of predictive defense or security, the team identified the biggest threat to the success of their organization and dedicated the resources necessary to neutralize it. The results were that one of the most dangerous offensive players in the entire league was completely shut out for the first time since his rookie season.

Looking through that same lens, apply these predictive security principles to your organization. Are you able to identify the data that is absolutely critical to the success or failure of your business? If not, that is your first assignment. Once you have accomplished this, you need to look at your security structure and determine whether you are applying the proper resources to protect the assets that determine your company’s ability to stay in business.

As an industry, we are often guilty of trying to do too much and lose sight of the big picture – winning the game. As any coach will tell you, there is no such thing as an easy win in the NFL. And as any CISO or security director will tell you, there is never an easy fix in security. It takes constant vigilance, assessment, and focus to ensure that your organizations most important assets are locked down. It also takes the realization that no matter how many dollars or resources you throw at security, you can’t solve every problem so prioritization becomes the key.

Back to our football example for a moment, during this game the Patriots allocated their best defensive back to “locking down” Graham and ensuring that while they may take a few hits and dings along the way, they weren’t going to be beaten by the biggest threat. Now think about your own organization, do you approach network security this way? Do you say to yourself that while we make take a hit here or there on occasion, we aren’t going to lose to the company’s biggest threat which is the inability to protect our most critical data? As the Patriots proved on the field on Sunday, it’s all about neutralizing the biggest threat first, no matter what that takes from an asset allocation stand point, and you can then prioritize the rest from there.

Just like football, security is a tough game and not for the faint of heart. There are threats lurking around every corner and it’s when you think you are in the clear that a blindside hit is most likely to happen. It’s important in security to have adequate defense at all levels of your infrastructure to protect against all different types of threats while concentrating the majority of your resources on shoring up and guarding the most important asset.

Advertisement. Scroll to continue reading.

If you apply the principles of predictive security to your organization, you will find that the big victories will be in reach and the ultimate goal is achievable. It’s not easy, but as coach Belichick would say, “do your job,” and everything will work out.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...